
A Summary of

What are zk-SNARKs?

Jay Graber

Zcash is the first widespread application of zk-SNARKs

  • It stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge".
  • "Zero-knowledge" proofs allow one party to prove to another that a statement is true without revealing information beyond the statement's validity.
  • "Succinct" means the proofs can be verified within a few milliseconds.
  • Currently, the most efficient way to produce zero-knowledge proofs that are non-interactive & short enough to publish to a block chain is to have an initial setup phase that generates a common reference string between prover & verifier.
  • This common reference string is called the public parameters of the system.

How zk-SNARKs are constructed in Zcash

  • zk-SNARKs work by first turning what you want to prove into an equivalent form about knowing a solution to some equations.
  • Computation → Arithmetic Circuit → R1CS → QAP → zk-SNARK

How zk-SNARKs are applied to create a shielded transaction

  • Zcash uses zk-SNARKs to prove the conditions for a transaction have been satisfied without revealing crucial information.
  • Shielded transactions must satisfy some other conditions:
  • Commitment = HASH(recipient address, amount, rho, r)
  • Nullifier = HASH(spending key, rho)
  • For each input note, a revealed commitment exists.
  • Nullifiers & note commitments are computed correctly.
  • It is infeasible for the nullifier of an output note to collide with the nullifier of any other note.
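
The commitment and nullifier relations above, as an added Python example that is not from the original post or from Zcash's code. It assumes SHA-256 as a stand-in for HASH and a hypothetical `address()` derivation from the spending key, and it evaluates in the clear the checks that a zk-SNARK would prove without revealing the note's contents.

```python
import hashlib

def H(tag: bytes, *fields: bytes) -> bytes:
    # SHA-256 with a domain tag and length-prefixed fields; a stand-in for
    # HASH on this page, not Zcash's actual hash or commitment functions.
    h = hashlib.sha256(tag)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def address(spending_key: bytes) -> bytes:
    # Assumption: the recipient address is derived from the spending key.
    return H(b"addr", spending_key)

def commitment(addr: bytes, amount: int, rho: bytes, r: bytes) -> bytes:
    return H(b"cm", addr, amount.to_bytes(8, "big"), rho, r)

def nullifier(spending_key: bytes, rho: bytes) -> bytes:
    return H(b"nf", spending_key, rho)

class Ledger:
    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def publish(self, cm: bytes) -> None:
        self.commitments.add(cm)

    def spend(self, nf: bytes, spending_key: bytes, amount: int, rho: bytes, r: bytes) -> str:
        # In Zcash the last four arguments stay private and a zk-SNARK proves
        # the two relations below; here they are checked in the clear.
        cm = commitment(address(spending_key), amount, rho, r)
        if cm not in self.commitments:
            return "rejected: no revealed commitment for this note"
        if nf != nullifier(spending_key, rho):
            return "rejected: nullifier computed incorrectly"
        if nf in self.nullifiers:
            return "rejected: nullifier already seen (double spend)"
        self.nullifiers.add(nf)
        return "accepted"

def demo() -> list:
    sk, rho, r = b"constructed-key", b"\x01" * 32, b"\x02" * 32  # constructed values
    ledger = Ledger()
    ledger.publish(commitment(address(sk), 5, rho, r))
    nf = nullifier(sk, rho)
    return [
        ledger.spend(nf, sk, 5, rho, r),            # first spend of the note
        ledger.spend(nf, sk, 5, rho, r),            # same note spent again
        ledger.spend(nf, sk, 6, rho, r),            # amount that was never committed to
        ledger.spend(b"\x00" * 32, sk, 5, rho, r),  # made-up nullifier
    ]
```

Because the nullifier depends only on the spending key and rho, a second spend of the same note always produces the same value, which is what lets the ledger reject it without learning which commitment was spent.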